Check Point Blog

If you have been reading recent malware studies and articles, you may have noticed that many different different countries have been named as the ones “most targeted” or with the “most new mobile threats”

This week’s news focuses on the business of mobile. Unlike most weeks, where we touch on a new strain of mobile malware or a new vulnerability - this week presents a different point of view on mobile security. It’s critical to keep up to date with this sort of events, as in the long run they will undoubtedly impact all aspects of mobile security in the enterprise.

Android takes the lead in mobile security news this week. With major decisions being made regarding how Google views the future of Android security, they’ve received another big wakeup call - between 60-70% of Android devices are vulnerable to a substantial vulnerability.
iOS users also discovered another blow to their security this week. Several months ago, our researchers at Lacoon Security discovered a vulnerability in the Gmail iOS app which enables a threat actor to perform a Man-in-the-Middle attack - and by doing so, view, and even modify, encrypted communications.

Security Disclosure: As part of our ongoing research into Apple’s iOS environment, we analyze mobile apps from various perspectives. During a routine analysis of the Gmail iOS app we unexpectedly came across a vulnerability which enables a threat actor that is performing a Man-in-the-Middle attack to view, and even modify, encrypted communications. The Vulnerability: Gmail’s iOS App Does Not Perform Certificate Pinning.

This week’s issue contains four entirely different but all highly volatile mobile security threats. New vulnerabilities and threat vectors are rapidly appearing. These aren’t small issues either - they potentially place millions of devices and users in danger and all need receive due attention.

What is fragmentation and how does it affect the security of the Android-based devices? Join our podcast where Dan Koretsky, our sr. security researcher at Lacoon Security, provides a brief overview of Android fragmentation and its implications on enterprise security.

A jailbreaking tool, named Pangu, for Apple-based mobile devices running iOS 7.1-7.1.x was released yesterday on June 24, 2014.
Pangu should concern us - the security community, enterprises, and consumers alike. Pangu represents a major technology leap, ultimately lowering the barrier for attackers to create sophisticated mobile-targeted attacks.